Adds ability to prevent login with unverified emails (#2175)

2016-07-04 12:56:35 -05:00
parent b641712d4d
commit 08c63f324a
6 changed files with 141 additions and 0 deletions
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -83,6 +83,11 @@ export class UsersRouter extends ClassesRouter {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
        }
        user = results[0];
+
+        if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {
+          throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
+        }
+
        return passwordCrypto.compare(req.body.password, user.password);
      }).then((correct) => {